ID de Prueba:	1.3.6.1.4.1.25623.1.0.61812
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0974
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0974. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817) The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815) All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0974.html Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2549 BugTraq ID: 29420 http://www.securityfocus.com/bid/29420 Cert/CC Advisory: TA08-309A http://www.us-cert.gov/cas/techalerts/TA08-309A.html https://www.exploit-db.com/exploits/5687 http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securitytracker.com/id?1021140 http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://secunia.com/advisories/35163 http://download.oracle.com/sunalerts/1019937.1.html SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://www.vupen.com/english/advisories/2008/3001 http://www.vupen.com/english/advisories/2009/0098 XForce ISS Database: acrobatreader-pdf-dos(42886) https://exchange.xforce.ibmcloud.com/vulnerabilities/42886 Common Vulnerability Exposure (CVE) ID: CVE-2008-2992 BugTraq ID: 30035 http://www.securityfocus.com/bid/30035 BugTraq ID: 32091 http://www.securityfocus.com/bid/32091 Bugtraq: 20081104 CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/498032/100/0/threaded Bugtraq: 20081104 Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/498027/100/0/threaded Bugtraq: 20081104 ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498055/100/0/threaded CERT/CC vulnerability note: VU#593409 http://www.kb.cert.org/vuls/id/593409 https://www.exploit-db.com/exploits/6994 https://www.exploit-db.com/exploits/7006 http://secunia.com/secunia_research/2008-14/ http://www.coresecurity.com/content/adobe-reader-buffer-overflow http://www.zerodayinitiative.com/advisories/ZDI-08-072/ http://osvdb.org/49520 http://secunia.com/advisories/29773 http://securityreason.com/securityalert/4549 Common Vulnerability Exposure (CVE) ID: CVE-2008-4812 BugTraq ID: 32100 http://www.securityfocus.com/bid/32100 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755 XForce ISS Database: adobe-acrobatreader-type1font-code-execution(46332) https://exchange.xforce.ibmcloud.com/vulnerabilities/46332 Common Vulnerability Exposure (CVE) ID: CVE-2008-4813 Bugtraq: 20081104 ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498056/100/0/threaded Bugtraq: 20081104 ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/498057/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-073/ http://www.zerodayinitiative.com/advisories/ZDI-08-074/ http://securityreason.com/securityalert/4564 XForce ISS Database: adobe-acrobatreader-collab-code-execution(46344) https://exchange.xforce.ibmcloud.com/vulnerabilities/46344 XForce ISS Database: adobe-acrobatreader-object-code-execution(46333) https://exchange.xforce.ibmcloud.com/vulnerabilities/46333 Common Vulnerability Exposure (CVE) ID: CVE-2008-4814 http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124 XForce ISS Database: adobe-javascript-code-execution1(46334) https://exchange.xforce.ibmcloud.com/vulnerabilities/46334 Common Vulnerability Exposure (CVE) ID: CVE-2008-4815 https://bugzilla.redhat.com/show_bug.cgi?id=469882 XForce ISS Database: adobe-acrobat-reader-priv-escalation(46335) https://exchange.xforce.ibmcloud.com/vulnerabilities/46335 Common Vulnerability Exposure (CVE) ID: CVE-2008-4817 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756 http://osvdb.org/49541
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.